API Surface Issue
Category
Unused export
Summary
- File:
src/ssl-bump.ts
- Symbol:
SslBumpConfig (line 39)
- Issue:
SslBumpConfig is exported from src/ssl-bump.ts but is never imported in any other file. It is used only as the parameter type for the internal generateSessionCa function within the same file.
Evidence
$ grep -rn "SslBumpConfig" src/ tests/ --include="*.ts"
src/ssl-bump.ts:39:export interface SslBumpConfig { ... }
src/ssl-bump.ts:181:export async function generateSessionCa(config: SslBumpConfig): Promise<CaFiles>
src/ssl-bump.ts:207: # comment mentioning SslBumpConfig
No file outside src/ssl-bump.ts imports SslBumpConfig.
Additional Context
ssl-bump.ts is a security-critical module (handles SSL certificate authority generation for TLS interception). Exporting internal config interfaces unnecessarily widens the attack surface and could encourage misuse by callers bypassing intended validation.
Recommended Fix
Remove the export keyword:
interface SslBumpConfig { ... }Impact
- Dead code risk: High — Security-critical module; unnecessary exports in this module are especially risky.
- Maintenance burden: Low
Detected by Export Audit workflow. Triggered by push to main on 2026-05-03
Generated by API Surface & Export Audit · ● 545.7K · ◷
API Surface Issue
Category
Unused export
Summary
src/ssl-bump.tsSslBumpConfig(line 39)SslBumpConfigis exported fromsrc/ssl-bump.tsbut is never imported in any other file. It is used only as the parameter type for the internalgenerateSessionCafunction within the same file.Evidence
No file outside
src/ssl-bump.tsimportsSslBumpConfig.Additional Context
ssl-bump.tsis a security-critical module (handles SSL certificate authority generation for TLS interception). Exporting internal config interfaces unnecessarily widens the attack surface and could encourage misuse by callers bypassing intended validation.Recommended Fix
Remove the
exportkeyword:Impact
Detected by Export Audit workflow. Triggered by push to main on 2026-05-03